Should I be concerned with out of license warnings? 1

[gramatoncleric]

Should I be concerned with out of license warnings coming from the application log in event viewer? The system seems to work find and everyone has access to things even though there are more users logged in than the available license. If the system is working, why should I upgrade the license? Currently I have 14 different logins in the system on a standard five-user license. It might be a 10-user license. How can you find out? Currently we are set to "Per Seat

 

[kharrison30]

I suggest you get enough licences to cover all your users. The business down the street from us received a huge file for not have enough licenses for their users.

 

[gramatoncleric]

Yeah, but what is the drawback from a network standpoint? I'm obviously going to upgrade if necessary but I need to understand this situation a little further. No sense buying extra licenses if I can setup my system legally and still run ok.

Scot Trodick

http://www.procnsultancy.com/

 

[crobin1]

You certainly need enough licenses to cover yourself legally. While there is not a drawback from a network standpoint you can be subject to very big fines as kharrison mentioned. If you've got 14 users on a 5- or 10-user license, then you need to purchase more.

That being said, Microsoft's "License Logging" service and attendant tool for managing the licenses has not worked correctly in any version of NT that I've used. In Windows Server 2003 the service is now disabled by default. Your best bet is to keep up with the licenses in a spreadsheet, and stop and disable the "License Logging" service on your server(s).

 

[gramatoncleric]

If all I need is access to the server wiothout all the frills of security what is my best choice? Is it possible to have 20 people use 5 different logon accounts? Is this possible in a per seat environment or would I need to move to a per server setup?

Scot Trodick

http://www.procnsultancy.com/

 

[NickFerrar]

If you only have a single server then per server licensing is generally better as it goes by concurrent users (so you could have a 10 user licence covering 20 actual users as long as no more than 10 connected to the server at any one time).

Once you have multiple servers it's generally better to switch to per seat licensing in which case you need a licence (CAL) for each user.

I'm not actually sure in per seat mode if it's legal to have multiple users use the same account under a single CAL, it probably is but then you're also losing security in that the users would all have access to each other's files and email etc. You're much better off purchasing the correct number of licences than trying to do things 'on the cheap' and creating more administration headaches for yourself.

As for the licence tool - I ignore/disable it as we run all our servers in per seat mode. I think it needs to be running though if you're in per server mode as that is what prevents logons past the licence count you have.

 

[mlichstein]

Disable the license logging service. It is disabled by default in Server 2003, and will not be in future versions of Windows.

The licensing logging service and GUI are not used for license auditing/compliance in any way.

 

[ABAMOTO]

How can a company be found out over-using his software license? Take Microsoft for example, will Windows detect license from each node and determine whether the license is valid/good? If not, then it will send data of a company's IP address and other information to Microsoft Headquarter, and then the company will receive a fine?

Isn't it violating privacy right if the above is true? Are other software companies all having the same tracking technology as well these days??

 

[mlichstein]

Audits are conducted by a third-party organization, at random.

There is no phoning home, tin-foil hat sort of things going on.

 

[dk87]

Why would you want to use more licenses than you purchased? That is nothing more than stealing, and if you are going to steal software where do you draw the line? If you have 14 different people logging in you should have 14 licenses. And don't bother with per server licenses. Buy them per seat. That way you can GROW and add more servers.

 

[gramatoncleric]

this message is in response of dk87:
Do not assume that someone is trying to cheat a license code. Did you read every post in this thread? This forum is to gain knowledge on any given topic and not to start preaching morals. Why would you assume that more licenses are being used than were purchased? And besides, per server was built so that one license can serve two people using a log in at different times of the day. For example a morning shift person and a night shift person. If you have 50 morning shifts and 50 evening shifts with no need for security on a user level then why on earth would you consider buying 100 licenses when the system was built to accomodate this legally with 50 licenses? Let's try to keep this forum to knowledge based inputs.

Scot Trodick

http://www.procnsultancy.com/

 

[Davetoo]

I read every post in this thread, so I guess I'm qualified to add something here.

First, the OP clearly stated he had 14 users logging into a 5 or 10 userlicensed environment. No mention of whether it was a per server or per seat setup.

Second, the scenario set out of 50 daytime users and 50 nightime users would not mean an environment where 100 licenses were needed. In fact, only 50 licensees would be needed because the license is granted to the client PC, not the person using the client PC.

Third, the post advising to simply acquire a per seat number of licenses equivalent to the number of client PC's located within your environment was a good one. From an administrative viewpoint, it's easier to have one client license for every PC rather than try to guestimate how many people are actually accessing a server at any one time.

Fourth, technical advice must sometimes be accompanied by or with a moral or ethical argument. Licensing of MS server products is a very good example of such a case. The MS method is based upon the honor system, there is nothing built into the OS that ensures you have enough licenses to match actual usage. Since it is an honor system, then morals and ethics come into play because there is nothing technically to stop you from having 1000 people simultaneouslyl access your 5-user licensed server. There is, however, ethical and moral arguments against you doing that (as well as some compelling legal ones as well).

I would say this thread is full of knowledgable input, in each and every post.

I'm Certifiable, not certified.
It just means my answers are from experience, not a book.

 

[gramatoncleric]

Excellent response!
Are dk87 and lander215 the same person?
In any case, I was thrown off by the statement, "If you have 14 different people logging in you should have 14 licenses." It probably should have said, "If you have 14 computers logging into the server you should have 14 licenses. Careful how you use the term certifiable. That sure is a statement that can be misconstrued.

Scot Trodick

http://www.procnsultancy.com/

 

[JBruyet]

I currently am using per server licensing, but I'm going to switch over to per seat licensing in a few months as I will be purchasing three more servers. I was very pleased to discover that one per seat license allows that user to access all necessary servers, and concurrently too.

My 2 cents worth,

Joe Brouillette

 

[mrmentalfloss]

sorry to re-visit this .. i found this thread by accident when i did a google search.

i am trying to determine exactly WHAT and WHEN it is needed to have a CAL.

where i work (a very small company) we currently have windows nt server installed under a domain environment with winnt as the PDC. i have been asked to look into upgrading to windows 2000 or possibly 2003 server edition.

when a is it necessary to have a CAL? because users just use the windows machine to log into the domain. a majority of the other machines are used for storage while the window's machine is used for the domain login. i did not understand the terms ms had on their website (

http://www.microsoft.com/windows2000/server/howtobuy/pricing/model.asp)

:

An authenticated user is one who directly or indirectly uses the Windows 2000 Server Integrated Sign-on Service or receives credentials from the Windows 2000 Active Directory® service.

is logging into a machine on a window's domain considered the "integrated sign-on service" or do they mean logging into the server itself and using it's services such as http, ftp, etc. .. b/c all the windows server does is allow a user to log into the domain and access the other servers that are linux running samba.

is getting authenticated from the pdc considered "receiving credientials from the Windows 2000 Active Directory service?"

at any given time (if it get's busy) there are at most 25 users on the domain, but everyone just logs into the domain, and use the local machine's web browser, email, im, ms office which is installed on the individual local hd's. we are directly connected to the internet through and the pdc

would using the dhcpd in windows 200x server edition change any of these?

if this question is in the wrong place my apologies. i hope i explained the scenario correctly.

thank you for any help you can provide even if it is pointing in the right direction of where i can look for answers.

 

[NickFerrar]

If someone authenticates to a domain they need a CAL.

 

[gramatoncleric]

interesting. You are the first person to say this. So, in essence, if a CAL does not exist then the user still has network access but he is not authenticated? What do authenticated users benefit from? I have had user access two domains simply be creating the user on each server.

Scot Trodick

http://www.procnsultancy.com/

 

[JBruyet]

If you can add a user and he/she is able to log onto the server/domain, then you have enough CALs (Client Access Licenses) setup in your server. MS pretty much works on the honor system in this. You can tell the server you have 1,000 licenses purchased, and the server can't tell if you purchased them or not. BUT, to be legal, and to save your anatomy should you ever be audited, you need to purchase the CALs (Client Access Licenses) for all users who access your servers. Even if someone is only gaining access to a Linux box, they will still need a CAL if they log on to/authenticate to the Windows domain.

HTH,

Joe Brouillette

 

[mrmentalfloss]

OUCH .. so basically, to update the office one would need to not only purchase a CAL for every computer that is connected to the network as well as the OS itself? .. that IS gonna be a pretty penny.

thanks for the very helpful insight.

i hope i am getting this correct, i need to purchase a CAL for every user that basically logs into a domain at peak times. so even if we have 40 actual users (on different shifts) we would only need to purchase 30 CALs if at peak there are 30 people in the office and logged in the domain.

this might be a wierd off the wall question, but how about mobile users? if they log onto a laptop but do not authenticate through the domain (but the laptop was setup for domain use, just not connected through the cat5) a CAL is not necessary correct? only if they are connected to the domain through LAN of VPN correct? or is this part of that "honor" system.

thanks again for any advice.

 

[JBruyet]

Mrmentalfloss, your peak need is a good way to determine how many CALs you would need for server access. According to your example you would only need 30 CALs.

As to the laptop issue, you would only need to use a CAL if you were actually logging onto the domain. Even if the laptop was setup for domain use, it won't use a CAL unless it's connecting to the domain. Some offices use dial-in for gaining access to the domain, and these connections would use CALs too.

HTH,

Joe Brouillette